Comments on: Cross-Site Scripting Attacks (XSS)
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/
Sat, 01 Aug 2015 20:53:00 +0000

By: Mohammad
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17474
Sun, 23 Jun 2013 23:02:33 +0000
Very useful. tnx

By: Sevar
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17473
Tue, 11 Jun 2013 01:10:00 +0000
A good article. However, I did not like the fact that you used only preg_replace() and preg_match() functions on user-inputted data and then echoed it out. I understand that this will work in the case you mentioned, but it is a bad practice to only use validation before echoing out user-inputted data. Think about how easy it is for people to mess up their regular expressions!
Also, you used htmlspecialchars($comments), again a very bad practice; you should always use htmlspecialchars($comments, ENT_QUOTES, 'UTF-8');
However, it is a good article in itself but not a good explanation of XSS. I highly recommend you use this article on XSS: http://www.sunnytuts.com/article/preventing-cross-site-scripting-xss

By: PeeceBabs
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17472
Tue, 09 Apr 2013 08:27:27 +0000
Hello. Does anyone know what this cookie acceptation thing is all about? Is it safe?

Thanks for the answer

By: Tom
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17471
Mon, 25 Mar 2013 12:28:43 +0000
Yes, it’s just example code, and a very valuable article that has helped me as I’m learning security, but without the guy’s comment above explaining the reason not to mix htmlspecialchars with strip_tags I would’ve missed a very valuable point. What is the point of putting up “example code” (with the purpose of teaching people something) if what you’re teaching is wrong, and then when someone corrects it, chiming in to say, “Hey, it’s just example code.” That’s kind of like explaining to someone how to bake a cake, and telling them to put the wrong ingredients in it so it comes out tasting terrible, and then when someone calls you on it, saying, “Hey, I was just giving them an example.”

By: Garbage In, Garbage Out
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17470
Tue, 12 Feb 2013 19:28:24 +0000
I would have referred others here if only you hadn’t advocated the use of strip_tags. Instead I have to add this article to the junk pile. The solution you promote would prevent anyone from talking about or citation styles .

By: codeguy
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17469
Sun, 21 Oct 2012 21:17:07 +0000
I could be wrong, but I believe that the line
$cleanval=mysql_real_escape_string($cleanval);
will only work if a mysql connection has already been established.

By: moi
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17468
Sat, 20 Oct 2012 22:46:17 +0000
Hello,
I submitted a forum and was redirected to a page saying XSS attacked with my IP address.
What should I do now?

By: Timothy Boronczyk
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17467
Wed, 29 Aug 2012 01:51:51 +0000
Fixed… thanks!

By: gern
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17466
Tue, 28 Aug 2012 18:15:53 +0000
um…I think it’s “bear in mind” not “bare in mind”. :)

By: Jon
http://www.sitepoint.com/php-security-cross-site-scripting-attacks-xss/#comment-17465
Wed, 25 Jul 2012 18:54:17 +0000
Very good article. Thank you for helping me to better understand XSS attacks and how to write better code to prevent them.